The present invention relates to methods for protecting against cookie-poisoning attacks in networked-communication applications.
“HTTP cookies”, more commonly referred to as web cookies, tracking cookies or just cookies, are parcels of text sent by a server to a web browser, and then sent back unchanged by the browser each time the browser accesses that server. HTTP cookies are used for authenticating, tracking, and maintaining specific information about users such as site preferences or the contents of an electronic shopping cart.
While cookies are supposed to be stored and sent back to the server unchanged, an attacker may modify the value of cookies before sending the cookies back to the server. The process of tampering with the value of cookies is called a “cookie-poisoning” attack. Such attacks help malicious users to gain unauthorized information about other users and “steal their identity” (i.e. identity theft). Adequate cookie-poisoning protection should detect cookies that were modified on a client machine by verifying that cookies which are sent by the client are identical to the cookies that were set by the server.
In the prior art, Imperva Inc., Redwood Shores, Calif., provides a SecureSphere product for detecting cookie-poisoning attacks. In the Imperva approach, each HTTP request sent to the web server needs to be intercepted, the cookie information needs to be retrieved, and the cookie information needs to be checked against all stored cookies. However, since SecureSphere stores the cookie information on the gateway, memory on the gateway needs to be allocated for the information. In addition, the deletion of stored cookies needs to be managed. Furthermore, SecureSphere's functionality is detrimentally affected if the gateway crashes.
F5 Networks, Inc., Seattle, Wash., provides a BIG-IP Application Security Manager (ASM) (see white paper on “Web Application Vulnerabilities and Avoiding Application Exposure”). The BIG-IP ASM creates only one cookie which contains all other cookies' information for each domain. This means that the created cookie's path attribute should be for the topmost path (i.e. “/”) in order to receive this cookie with any request for validation purposes. Such a configuration may cause unnecessary processing when the protected cookies are not designated for the topmost path. In addition, the expiration of the created cookie should be set to be as long as the longest original cookie-expiration period. Such a configuration may continue to “successfully” validate cookies that are already expired.
Ingrian Networks, Inc., Redwood City, Calif., provides an Active Application Security platform. When cookies pass through the platform, the platform applies an advanced cryptographic process to sensitive content within the cookie, and creates a digital signature that perfectly matches the content of the cookie. The signature is appended to the cookie, and used to validate the content of the cookie in every subsequent communication between web client and server. However, the platform adds the signature to the original cookie, and does not create a separate cookie. Such a configuration makes it impossible to use the cookie information in an HTML page because the HTML code will most probably assume that a specific cookie contains a specific value to display to the user. In addition, such a configuration requires the gateway to modify the cookie (i.e. delete the signature) every time the cookie is passed to the web server.
It would be desirable to have methods for protecting against cookie-poisoning attacks in networked-communication applications. Such methods would, inter alia, overcome the limitations of the prior art as described above.